Skip to main content
CVE-2026-25480 MEDIUM POC PATCH This Month

Cache poisoning in Litestar before 2.20.0 allows unauthenticated remote attackers to exploit improper Unicode normalization in the FileStore cache backend to create collisions between cache keys, enabling one URL to serve another URL's cached responses. Public exploit code exists for this vulnerability. An attacker can leverage this to serve malicious cached content to users accessing legitimate endpoints.

Information Disclosure Litestar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25494 MEDIUM POC PATCH This Month

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveAsset GraphQL mutation uses filter_var(..., FILTER_VALIDATE_IP) to block a specific list of IP addresses. [CVSS 6.5 MEDIUM]

SSRF Craft Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25493 MEDIUM POC PATCH This Month

SSRF bypass in Craft CMS 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 allows unauthenticated attackers to access cloud metadata endpoints and internal IP addresses through the saveAsset GraphQL mutation by exploiting Guzzle's automatic redirect handling. The vulnerability bypasses hostname and IP blocklist protections that validate only the initial request URL, enabling attackers to reach sensitive internal resources. Public exploit code exists; patched versions 4.16.18 and 5.8.22 are available.

SSRF Craft Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25492 MEDIUM POC PATCH This Month

Craft CMS versions 3.5.0-4.16.17 and 5.0.0-RC1-5.8.21 contain a server-side request forgery vulnerability in the save_images_Asset GraphQL mutation that allows authenticated users to bypass hostname validation and retrieve internal URLs by specifying domains resolving to private IP addresses. By uploading files with non-image extensions like .txt, attackers can bypass downstream validation to access sensitive data including AWS instance metadata credentials from the host system. Public exploit code exists for this vulnerability, though patches are available in versions 4.16.18 and 5.8.22.

AWS Craft Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25479 MEDIUM POC PATCH This Month

Litestar versions before 2.20.0 improperly escape regex metacharacters in the allowed_hosts middleware, allowing attackers to bypass hostname validation by supplying hosts that match the compiled regex pattern but differ from intended literal hostnames. Public exploit code exists for this vulnerability. The flaw affects the ASGI framework's ability to properly restrict incoming requests to authorized hosts.

Authentication Bypass Litestar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2195 MEDIUM POC This Month

SQL injection in code-projects Online Reviewer System 1.0 via the ID parameter in the questions-view.php file allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at active risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2221 MEDIUM POC This Month

SQL injection in the login component of code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, which affects PHP-based installations of the Online Reviewer System. An attacker can exploit this to extract sensitive data, modify database contents, or potentially gain unauthorized system access.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2220 MEDIUM POC This Month

SQL injection in code-projects Online Reviewer System 1.0 via the difficulty_id parameter in /system/system/admins/assessments/pretest/btn_functions.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2217 MEDIUM POC This Month

SQL injection in itsourcecode Event Management System 1.0 via the ID parameter in /admin/manage_user.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, putting all affected installations at immediate risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2212 MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in AdminEditCategory.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2211 MEDIUM POC This Month

Online Music Site versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2199 MEDIUM POC This Month

SQL injection in code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in the user deletion function, potentially leading to unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations vulnerable to active exploitation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2198 MEDIUM POC This Month

SQL injection in code-projects Online Reviewer System 1.0 via the difficulty_id parameter in /system/system/admins/assessments/pretest/loaddata.php allows remote attackers to execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could result in unauthorized data access, modification, or deletion within the application database.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2197 MEDIUM POC This Month

SQL injection in code-projects Online Reviewer System 1.0 allows remote attackers to manipulate the test_id parameter in the exam-delete.php file, enabling unauthorized database access and modification without authentication. The vulnerability has public exploit code available and currently lacks a patch, posing an immediate risk to unpatched installations. Affected organizations using this system should prioritize mitigation strategies while awaiting official remediation.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2196 MEDIUM POC This Month

SQL injection in code-projects Online Reviewer System 1.0 allows unauthenticated remote attackers to manipulate the test_id parameter in the exam-update.php endpoint, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-2225 MEDIUM POC This Month

SQL injection in the News Portal Project 1.0 administrator login interface allows unauthenticated remote attackers to manipulate the email parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could exploit this to extract sensitive data, modify database contents, or potentially escalate privileges within the application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-25920 MEDIUM POC This Month

SumatraPDF versions 3.5.2 and earlier are vulnerable to a heap buffer over-read in the MOBI file parser due to incomplete bounds validation in the HuffDic decompressor, allowing attackers to crash the application by opening a malicious .mobi file. Public exploit code exists for this vulnerability. Local user interaction is required to trigger the vulnerability, and while denial of service is the primary impact, the out-of-bounds read could potentially leak sensitive memory contents.

Windows Denial Of Service Sumatrapdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-2223 MEDIUM POC This Month

SQL injection in code-projects Online Reviewer System 1.0 via the ID parameter in the assessment module allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-25889 MEDIUM POC PATCH This Month

Filebrowser versions prior to 2.57.1 allow authenticated users to reset passwords without verifying the current password due to case-sensitive validation logic that can be bypassed using mixed-case field names in API requests. An attacker with a valid JWT token obtained through XSS, session hijacking, or similar means could exploit this to perform account takeover. Public exploit code exists for this vulnerability, and a patch is available.

XSS Filebrowser Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-25496 MEDIUM POC PATCH This Month

Stored XSS in Craft CMS Number field settings (versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21) allows authenticated users with high privileges to inject malicious scripts via the Prefix or Suffix fields, which execute when the field is viewed on user profiles. Public exploit code exists for this vulnerability. Updates to versions 4.16.18 and 5.8.22 are available to remediate the issue.

XSS Craft Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-25491 MEDIUM POC PATCH This Month

Stored cross-site scripting in Craft CMS versions 5.0.0-RC1 through 5.8.21 allows authenticated users with high privileges to inject malicious scripts through Entry Type names that are not sanitized when displayed in the Entry Types list. An attacker exploiting this vulnerability can execute arbitrary JavaScript in the browsers of other users viewing the affected list, potentially compromising session data or performing unauthorized actions. Public exploit code exists for this vulnerability, though a patch is available in version 5.8.22 and later.

XSS Craft Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-25230 MEDIUM POC This Month

FileRise versions before 3.3.0 contain an HTML injection vulnerability that allows authenticated users to manipulate the DOM and inject malicious form or link elements to redirect users or trigger unauthorized actions. Public exploit code exists for this medium-severity flaw, and no patch is currently available. The vulnerability requires user interaction and valid credentials to exploit, limiting its immediate impact but creating risk for organizations running affected FileRise instances.

XSS Filerise
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-14831 MEDIUM PATCH CISA This Month

A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). [CVSS 5.3 MEDIUM]

Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-7708 MEDIUM This Month

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. [CVSS 6.8 MEDIUM]

Information Disclosure
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-24777 MEDIUM This Month

Insufficient permission validation in OpenProject prior to 17.0.2 allows users with the Manage Users permission to lock and unlock application administrators, a capability that should be restricted to administrators only. An authenticated attacker with user management privileges can exploit this to lock out admin accounts and potentially disrupt system administration capabilities. No patch is currently available for affected versions.

Authentication Bypass Openproject
NVD GitHub
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-15316 MEDIUM This Month

Tanium addressed a local privilege escalation vulnerability in Tanium Server. [CVSS 6.7 MEDIUM]

Privilege Escalation Server Module Server
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-15315 MEDIUM This Month

Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. [CVSS 6.7 MEDIUM]

Privilege Escalation Server Module Server
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-24466 MEDIUM This Month

Windows services registered by Oki Electric Industry, Ricoh, and Murata Machinery products use unquoted file paths, allowing a local user with write access to the system drive root to achieve arbitrary code execution with SYSTEM privileges. This vulnerability requires elevated permissions and local access to exploit, making it primarily a privilege escalation risk in multi-user environments. No patch is currently available for affected products.

Windows
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2026-21419 MEDIUM This Month

Dell Display and Peripheral Manager before version 2.2 on Windows contains an insecure link resolution flaw that allows local attackers with low privileges to escalate their access through the installer or service. An authenticated user can exploit improper symlink handling to gain elevated permissions on the system. No patch is currently available for this vulnerability.

Windows
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-25806 MEDIUM This Month

PlaciPy is a placement management system designed for educational institutions. [CVSS 6.5 MEDIUM]

Authentication Bypass Placipy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-2235 MEDIUM This Month

C&Cm@il by HGiga contains a SQL injection flaw (CWE-89) that allows authenticated users to execute arbitrary database queries and extract sensitive information. The vulnerability requires valid credentials but no user interaction, making it exploitable by compromised or malicious internal accounts. No patch is currently available for this medium-severity issue.

SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22922 MEDIUM PATCH This Month

Airflow versions up to 3.1.6 contains a vulnerability that allows attackers to an authenticated user with custom permissions limited to task access to view tas (CVSS 6.5).

Apache Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24098 MEDIUM PATCH This Month

Apache Airflow 3.0.0 through 3.1.6 allows authenticated users with access to specific DAGs to view import error messages from other DAGs they lack permission to access, resulting in unintended information disclosure. An authenticated attacker can leverage this privilege escalation to gather sensitive information about other workflows and their configurations. Apache recommends upgrading to version 3.1.7 or later to remediate this vulnerability.

Apache Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24900 MEDIUM PATCH This Month

Markus versions up to 2.9.1 is affected by authorization bypass through user-controlled key (CVSS 6.5).

Authentication Bypass Markus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-15317 MEDIUM This Month

Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server. [CVSS 6.5 MEDIUM]

Denial Of Service Server
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25957 MEDIUM PATCH This Month

Cube.js versions 1.1.17 through 1.5.12 and 1.4.x before 1.4.2 are vulnerable to denial of service attacks where an authenticated attacker can craft a malicious request to completely disable the Cube API. This network-accessible vulnerability requires valid credentials but no user interaction, making it exploitable by any authenticated user with API access. No patch is currently available for affected versions.

Information Disclosure Cube.Js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-10464 MEDIUM This Month

Birtech Information Technologies Industry and Trade Ltd. Co. Senseway is affected by cleartext storage of sensitive information (CVSS 6.5).

Information Disclosure
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59024 MEDIUM This Month

Crafted delegations or IP fragments can poison cached delegations in Recursor. [CVSS 6.5 MEDIUM]

Information Disclosure Recursor
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25846 MEDIUM This Month

Youtrack versions up to 2025.3.119033 is affected by insertion of sensitive information into log file (CVSS 6.5).

Information Disclosure Youtrack
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-66601 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. [CVSS 6.1 MEDIUM]

Information Disclosure Fast Tools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66596 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. [CVSS 6.1 MEDIUM]

Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-25765 MEDIUM PATCH This Month

Faraday HTTP client library versions before 2.14.1 fail to properly validate protocol-relative URLs when merging user-supplied paths with base URLs, allowing attackers to redirect requests to arbitrary hosts via SSRF attacks. Applications that pass untrusted input to Faraday request methods like get() or post() are vulnerable to request hijacking. A patch is available in version 2.14.1 and later.

Ruby SSRF Faraday Red Hat Suse
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25528 MEDIUM PATCH This Month

LangSmith Client SDKs for Python and AI/ML platforms are susceptible to server-side request forgery through malicious HTTP baggage headers that allow attackers to redirect trace data exfiltration to attacker-controlled endpoints. An unauthenticated attacker can inject arbitrary api_url values during distributed tracing operations, causing the SDK to send sensitive trace data outside the intended infrastructure. No patch is currently available for this medium-severity vulnerability.

Python SSRF AI / ML
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25905 MEDIUM This Month

Python code execution through Pyodide in the mcp-run-python library lacks isolation from the JavaScript environment, enabling attackers to manipulate the JS runtime and hijack MCP server functionality. This allows adversaries to perform malicious operations including tool shadowing and potential server compromise through crafted Python payloads. No patch is available as the project is archived.

Python AI / ML
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-25904 MEDIUM This Month

Pydantic-AI's MCP Run Python tool uses an insufficiently restrictive Deno sandbox configuration that permits Python code to access the host's localhost interface, enabling Server-Side Request Forgery (SSRF) attacks. An attacker can exploit this to probe or interact with services running on the local machine that should be isolated from external access. The archived project status means no patch is expected to be released.

Python SSRF AI / ML
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-22613 MEDIUM This Month

Improper server identity validation in Eaton Network M3 firmware upgrade functionality enables man-in-the-middle attacks by network-adjacent threat actors with high privileges. An attacker can intercept and manipulate firmware updates to inject malicious code, compromise system integrity, or disrupt availability. No patch is currently available for this medium-severity issue.

Authentication Bypass
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-25918 MEDIUM PATCH This Month

Unity-Cli versions up to 1.8.2 is affected by insertion of sensitive information into log file (CVSS 5.5).

Information Disclosure Unity Cli
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15318 MEDIUM This Month

Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools. [CVSS 5.5 MEDIUM]

Path Traversal End User Notifications
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-66595 MEDIUM This Month

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product is vulnerable to Cross-Site Request Forgery (CSRF). [CVSS 5.4 MEDIUM]

CSRF Fast Tools
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-0632 MEDIUM This Month

Fluent Forms Pro Add On Pack (WordPress plugin) is affected by server-side request forgery (ssrf) (CVSS 5.4).

WordPress SSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy